admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-02-03 15:01:16 +00:00
parent 74331faa49
commit b85243757c
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
4 changed files with 13 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
2022/21xxx/CVE-2022-21737.json
View File

@ -12,24 +12,18 @@
"product": {
"product_data": [
{
"product_name": "tensorflow",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": ">= 2.7.0, < 2.7.1"
},
{
"version_value": ">= 2.6.0, < 2.6.3"
},
{
"version_value": "< 2.5.3"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "tensorflow"
"vendor_name": "n/a"
}
]
}
@ -67,7 +61,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-617: Reachable Assertion"
"value": "n/a"
}
]
}

14
2022/21xxx/CVE-2022-21738.json
View File

@ -12,24 +12,18 @@
"product": {
"product_data": [
{
"product_name": "tensorflow",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": ">= 2.7.0, < 2.7.1"
},
{
"version_value": ">= 2.6.0, < 2.6.3"
},
{
"version_value": "< 2.5.3"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "tensorflow"
"vendor_name": "n/a"
}
]
}
@ -67,7 +61,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-190: Integer Overflow or Wraparound"
"value": "n/a"
}
]
}

14
2022/21xxx/CVE-2022-21739.json
View File

@ -12,24 +12,18 @@
"product": {
"product_data": [
{
"product_name": "tensorflow",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": ">= 2.7.0, < 2.7.1"
},
{
"version_value": ">= 2.6.0, < 2.6.3"
},
{
"version_value": "< 2.5.3"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "tensorflow"
"vendor_name": "n/a"
}
]
}
@ -67,7 +61,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference"
"value": "n/a"
}
]
}

2
2022/21xxx/CVE-2022-21741.json
View File

@ -41,7 +41,7 @@
"description_data": [
{
"lang": "eng",
"value": "Tensorflow is an Open Source Machine Learning Framework.\n### Impact \nAn attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range."
"value": "Tensorflow is an Open Source Machine Learning Framework. ### Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range."
}
]
},